If you have a support question or comment, click the Post New Topic link below. Sytist Manual | Sytist Articles | Facebook Page.

Potential Malware Reported

 
Please log in or Create an account to post or reply to topics.
 
Brian Crussel
Fri Dec 22, 17
6:43 AM
So I upgraded to the latest Sytist. Today I get this message from GoDaddy, of course with an offer to buy their protection. Is this a real issue? I scanned my site with all the FREE malware detectors I could find and they all came out clean.

Your site has been flagged for malware.
We recently completed a routine security checkup of our servers and platforms. Our scans flagged your ptps.com hosting accounts as containing possible malware.

Please sign in to your hosting account and review the following content and remove or fix the files listed below:


php.backdoor.webshell_gen.38.001 - html/cart/sy-inc/store/payment/square/payment.php

php.backdoor.webshell_gen.38.001 - html/cart/sytist-update/backup/sy-inc/store/payment/square/payment.php

rex.multi_vars.004 - html/Known_Junk/.hcc.thumbs/.hcc.ptps+gal1_img15_th_new.php

rex.multi_vars.004 - html/Known_Junk/dkkuoqlu.php

rex.multi_vars.004 - html/Known_Junk/family/userfiles/tmp/customdb_old.php

rex.multi_vars.004 - html/Known_Junk/fastpass/index_indesit.php

rex.multi_vars.004 - html/Known_Junk/osthkdar.php

php.backdoor.webshell_gen.38.001 - html/Known_Junk/sdesign38/test/cgi/form1process.php

rex.multi_vars.004 - html/Known_Junk/shootg/shooting gallery/164485e3_noversion.php

rex.multi_vars.004 - html/order/admin/customers/customers.registry.edit_indesit.php

rex.multi_vars.004 - html/order/pc_inc/gift.certificate.purchase_noversion.php

rex.multi_vars.004 - html/order/photos/1117-purdue_nursing_december_2013/zm_B1884655__X8H2712_prevv1.php

rex.multi_vars.004 - html/order/photos/1126-purdue_school_of_pharmacy/th_c7BB1CBB__X8H7021_prevv1.php

rex.multi_vars.004 - html/order/photos/1137-erin_miller/di_baf437a8_Miller_E_062_ver1.php
Tim - PicturesPro.com
admin
Fri Dec 22, 17
8:11 AM
Some of those file names look suspicious, but whether they exist or not, I don't know. And looks like most are unrelated to Sytist.

You could email me FTP access and I can take a look at the files.

### It appears you have wordpress files on your server and probably a backdoor file in there. I would suggest removing the unused wordpress files. ####
Edited Mon Dec 25, 17 2:05 PM by Tim - PicturesPro.com
 
 
 
 
 
Tim Grissett, DIA - PicturesPro.com || My Email Address: info@picturespro.com
Loading more pages
Loading more pages
Sign up for email promotions.
Your information is safe with us and won't be shared.
Thank you for signing up!
 
©2003 - 2017 Grissett, LLC. All Rights Reserved.
Loading More Photos
Scroll To Top
Close Window
Loading
Close